particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-forge/stages
History
Tomas Hozza 3dea4b934c stages/rpm: don't verify signatures during install 
If instructed, the rpm stage checks all digests and signatures of a package
explicitly using `rpmkeys` tool. The default stage behavior is that no
package signatures are checked when installed by the stage (not even
explicitly).

For these reasons, the package signature checking is supposed to be
disabled when installing rpm packages. This was achieved by passing the
`--define "_pkgverify_level none"` option to rpm. However this option
specifies only requirements for a package to be installed and `none`
means that packages without any signature are accepted by rpm. If the
package signature is deemed BAD, the package installation fails even
though this option has been passed to rpm.

There are valid cases when even packages which signature marked as BAD
should be installed. It may happen, that the GPG key used to sign a
package uses an algorithm not allowed by the system crypto policy, e.g.
SHA1. If such GPG key is imported on the system and a package signed
using it is being installed, its installation would fail when the
package is read by rpm. This is because its signatures are by default
checked if they exist in the package.

The desired behavior to not check any package signatures when installing
a package is instead achieved by using `--nosignature` rpm option. It
turns off the whole signature checking mechanism.

Use the `--nosignature` rpm option instead of
`--define "_pkgverify_level none"`, when installing packages using rpm.

Fix https://github.com/osbuild/osbuild/issues/991
2022-03-22 18:41:12 +01:00
..
org.osbuild.anaconda stages: add org.osbuild.anaconda 2021-02-19 14:42:32 +00:00
org.osbuild.authconfig stages/authconfig: run authconfig 2021-11-08 20:43:51 +01:00
org.osbuild.authselect stages/authselect: rename profile_id option to profile 2021-07-15 17:17:50 +02:00
org.osbuild.bootiso.mono bootiso: add the option to compress using lz4 2022-02-08 16:02:36 +01:00
org.osbuild.buildstamp stages: add org.osbuild.buildstamp 2021-02-19 14:42:32 +00:00
org.osbuild.chmod stages/chmod: SCHEMA_2 2021-07-01 10:49:38 +02:00
org.osbuild.chrony stages/chrony: extend chrony stage to allow additional directives 2021-06-26 10:28:03 +01:00
org.osbuild.clevis.luks-bind stages: add clevis-luks-bind stage 2022-02-16 15:43:19 +01:00
org.osbuild.cloud-init stages/cloud-init: disable default_flow_style when writing configs 2021-11-05 12:08:38 +01:00
org.osbuild.copy formats/v2: mounts are arrays 2021-07-21 13:28:22 +02:00
org.osbuild.cron.script stages: add new org.osbuild.cron.script stage 2021-11-05 11:53:11 +01:00
org.osbuild.crypttab stages: add new org.osbuild.crypttab stage 2021-12-09 00:44:21 +00:00
org.osbuild.debug-shell stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.discinfo stages: add org.osbuild.discinfo 2021-02-19 14:42:32 +00:00
org.osbuild.dnf-automatic.config Add new stage for configuring DNF Automatic 2021-12-15 18:49:13 +01:00
org.osbuild.dnf.config stages/org.osbuild.dnf.config: Edit /etc/dnf/dnf.conf 2021-12-09 15:53:57 +01:00
org.osbuild.dracut stages/dracut: disable hostonly mode and default to reproducible images 2021-06-07 12:15:26 +02:00
org.osbuild.dracut.conf stages/dracut: write only one config file 2021-07-22 01:05:29 +02:00
org.osbuild.error stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.fdo stages: add new org.osbuild.fdo stage 2022-02-23 15:32:02 +00:00
org.osbuild.firewall stages/firewall: fix fail when setting only the default zone 2022-03-04 10:02:27 +01:00
org.osbuild.first-boot stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.fix-bls stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.fstab stages/fstab: fix partabel option 2021-08-07 11:50:00 +02:00
org.osbuild.groups stages/groups: fix group name schema validation 2021-06-09 20:33:27 +02:00
org.osbuild.grub2 stages/grub2: option to configure GRUB_DEFAULT 2022-03-04 16:38:41 +01:00
org.osbuild.grub2.inst stages/grub2.inst: Make grub-mkimage binary configurable 2021-11-29 20:28:44 +01:00
org.osbuild.grub2.iso stages/grub2.iso: small refactoring 2021-07-16 13:20:45 +02:00
org.osbuild.grub2.legacy stages: Remove excess whitespace between words 2022-01-06 16:01:26 +01:00
org.osbuild.gunzip osbuild: Add org.osbuild.gunzip stage 2021-11-19 00:16:04 +00:00
org.osbuild.gzip Don't save name or timestamp for compressed file 2021-08-24 20:47:00 +02:00
org.osbuild.hostname stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.ignition stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.implantisomd5 stages: add org.osbuild.implantisomd5 2021-02-19 14:42:32 +00:00
org.osbuild.isolinux stages: add org.osbuild.isolinux 2021-07-16 15:19:58 +01:00
org.osbuild.kernel-cmdline stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.keymap stages/keymap: add option to configure X11 keyboard 2021-06-29 17:57:18 +02:00
org.osbuild.kickstart stages/kickstart: ensure a newline at the end of the file 2022-01-04 18:36:37 +01:00
org.osbuild.locale stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.lorax-script stages: add org.osbuild.lorax-script 2021-02-19 14:42:32 +00:00
org.osbuild.luks2.format stages: add new luks2 stage 2021-12-09 00:44:21 +00:00
org.osbuild.luks2.remove-key stages: add luks remove-key stage 2022-02-16 15:43:19 +01:00
org.osbuild.lvm2.create stages/lvm2.create: fix 'size' and add 'extents' 2021-11-03 15:09:35 +00:00
org.osbuild.lvm2.metadata stages/lvm2.metadata: fix typo in regex 2021-08-21 09:10:42 +02:00
org.osbuild.mkdir stages: add org.osbuild.mkdir 2021-07-08 21:14:21 +01:00
org.osbuild.mkfs.btrfs stages/mkfs.btrfs: new stage to create a btrfs 2021-06-09 18:37:47 +01:00
org.osbuild.mkfs.ext4 stages/mkfs.ext4: new stage to create an ext4 fs 2021-06-09 18:37:47 +01:00
org.osbuild.mkfs.fat stages: add mkfs.fat stage 2021-06-09 18:37:47 +01:00
org.osbuild.mkfs.xfs stages: add mkfs.xfs stage 2021-06-09 18:37:47 +01:00
org.osbuild.mkinitcpio Add mkinitcpio stage 2021-12-21 10:44:55 +01:00
org.osbuild.modprobe Support 'install' command in org.osbuild.modprobe stage 2021-11-03 16:11:54 +00:00
org.osbuild.nginx.conf stages/nginx.conf: SCHEMA_2 2021-07-01 10:49:38 +02:00
org.osbuild.nm.conf stages: add org.osbuild.nm.conf 2021-07-28 22:01:54 +01:00
org.osbuild.nm.conn stages/nm.conn: allow creating files anywhere 2021-07-28 22:01:54 +01:00
org.osbuild.noop stages/noop: allow mounts and devices 2021-07-21 13:28:22 +02:00
org.osbuild.oci-archive stages/oci-archive: fix creation time format 2022-02-22 10:04:08 +00:00
org.osbuild.ostree stages/ostree: fix stage to work with inputs 2021-06-09 18:37:47 +01:00
org.osbuild.ostree.commit stages/ostree.commit: port from assembler 2021-02-12 15:55:43 +01:00
org.osbuild.ostree.config ostree.config: add bootloader config option 2021-09-09 12:29:54 +02:00
org.osbuild.ostree.deploy stages/ostree.deploy: add remote option 2021-08-28 16:34:37 +02:00
org.osbuild.ostree.fillvar stages/ostree.fillvar: fill the correct var 2021-11-26 17:20:11 +01:00
org.osbuild.ostree.init stages/ostree.init: new stage to init a repo 2021-02-12 15:55:43 +01:00
org.osbuild.ostree.init-fs stages: add org.osbuild.ostree.init-fs 2021-07-12 18:21:05 +02:00
org.osbuild.ostree.os-init stages: add org.osbuild.ostree.init-os 2021-07-12 18:21:05 +02:00
org.osbuild.ostree.passwd stages: add org.osbuild.ostree.passwd 2021-08-17 13:53:00 +02:00
org.osbuild.ostree.preptree stages/preptree: move home dirs to var/home 2021-03-16 21:58:02 +01:00
org.osbuild.ostree.pull stages/ostree.pull: add remote parameter 2021-08-28 16:34:37 +02:00
org.osbuild.ostree.remotes stages: add org.osbuild.ostree.remotes 2021-07-12 18:21:05 +02:00
org.osbuild.ostree.selinux stages: add org.osbuild.ostree.selinux 2021-07-12 18:21:05 +02:00
org.osbuild.pacman stages/org.osbuild.pacman: Make /dev/stdin available 2022-01-06 16:01:26 +01:00
org.osbuild.pacman-keyring stages: add pacman keyring stage 2022-03-01 16:07:27 +01:00
org.osbuild.pacman.conf stages: add the ability to configure pacman repos 2022-03-01 16:07:27 +01:00
org.osbuild.pacman.mirrorlist.conf stages: add org.osbuild.pacman.mirrorlist.conf 2022-03-01 16:07:27 +01:00
org.osbuild.pam.limits.conf stages: pam_limits.conf → pam.limits.conf 2021-09-14 15:31:12 +02:00
org.osbuild.parted stages/parted: new stage to partition a device 2021-10-30 00:54:09 +01:00
org.osbuild.pwquality.conf stages/pwquality.conf: set pwquality configuration 2021-11-05 16:53:54 +01:00
org.osbuild.qemu stages/qemu: fix 'compat' option 2021-09-23 11:00:47 +02:00
org.osbuild.resolv-conf stages: add org.osbuild.resolv-conf 2021-03-11 12:46:24 +00:00
org.osbuild.rhsm stages/rhsm: add support to configure yum plugins 2021-11-05 15:56:54 +01:00
org.osbuild.rpm stages/rpm: don't verify signatures during install 2022-03-22 18:41:12 +01:00
org.osbuild.rpm-ostree stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.selinux stages/selinux: directly call setfilecon 2022-03-18 20:36:10 +01:00
org.osbuild.selinux.config Add a new stage for configuring SELinux state on the system 2021-09-08 11:22:55 +02:00
org.osbuild.sfdisk stages/sfdisk: don't inform the kernel 2021-06-14 14:15:20 +01:00
org.osbuild.skopeo skopeo stage: remove overlay/backingFsBlockDev file after install 2022-02-15 19:13:00 +01:00
org.osbuild.squashfs Add the option of compressing using lz4 2022-01-11 13:20:11 +01:00
org.osbuild.sshd.config sshd.config stage: support PermitRootLogin option 2021-12-07 15:20:50 +00:00
org.osbuild.sysconfig stages: allow using sysconfig stage multiple times. 2021-12-17 08:44:54 +01:00
org.osbuild.sysctld Add a new stage for setting kernel parameters via sysctl.d 2021-09-09 11:16:11 +02:00
org.osbuild.systemd stages: extract systemd.unit from systemd 2021-07-22 01:05:29 +02:00
org.osbuild.systemd-logind stages/logind: write only one drop-in file 2021-07-22 01:05:29 +02:00
org.osbuild.systemd.unit stages: extract systemd.unit from systemd 2021-07-22 01:05:29 +02:00
org.osbuild.tar Fix typo in tar stage schema option enum 2021-12-22 11:50:08 +01:00
org.osbuild.test stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.timezone stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.tmpfilesd Add a new stage org.osbuild.tmpfilesd for configuring tmpfiles.d 2021-09-08 14:08:40 +02:00
org.osbuild.truncate stages: add truncate stage 2021-06-09 18:37:47 +01:00
org.osbuild.tuned Add new org.osbuild.tuned stage for setting active TuneD profile 2021-09-07 10:43:54 +02:00
org.osbuild.untar stages: add org.osbuild.untar 2021-08-07 11:50:00 +02:00
org.osbuild.users stages/users: Explicitly create a home directory 2021-12-09 16:48:31 +01:00
org.osbuild.waagent.conf stages/waagent.conf: set WALinuxAgent configuration 2021-11-03 18:32:40 +01:00
org.osbuild.xorrisofs stages/xorrisofs: ability to set system id 2021-03-14 15:33:07 +01:00
org.osbuild.xz stages: add org.osbuild.xz to compress files 2021-06-30 12:06:30 +02:00
org.osbuild.yum.config stages/yum.config: add an option to configure langpacks plugin 2021-11-08 17:17:02 +01:00
org.osbuild.yum.repos Add new stage for creating YUM / DNF repo files 2021-12-09 18:51:51 +01:00
org.osbuild.zipl stages: use api.arguments 2020-08-25 18:51:55 +02:00
org.osbuild.zipl.inst formats/v2: mounts are arrays 2021-07-21 13:28:22 +02:00